The tornado template system automatically escapes everything except the output of modules or the raw
directive; modules are expected to do their own escaping. In this case the escaping is actually done by the linkify
module.
linkify
takes plain text and turns it into html, so it must assume that any angle brackets are meant to be shown verbatim, and escapes them. You don't want to actually pass <img>
tags through linkify
because it's not smart enough to see the src attribute, and if you had an absolute url it would become <img src="<a href="url">url</a>">
.
If you want to include message["html"]
with no escaping, the simplest way is to use the raw
directive: {% raw message["html"] %}
. See the template docs at http://www.tornadoweb.org/en/stable/template.html